IT has so much regulation and control around what users can and cannot do to deploy their solutions in areas where there really doesn’t need to be that level of stringency, they find ways around it…
I’m in the middle on this argument, I agree with Wictor Wilén regarding the dangers of rogue…
Julie Turner
21

Remember that client side code is the new full trust code. Any script, Marcs, scripts downloaded from scripts.ru, SPFx etc will all run under the current users account and have access to everything the user has access to. That kind of power cannot be let to a site admin or editor. At least not with the clients I work with, yours might be OK with it though.

An Iframe or even a SharePoint Add-in might be better or more secure.

Hopefully Microsoft continues to evolve SharePoint so editors have more configuration options that can be used instead of JavaScript injections. Or why not use PowerApps…

Show your support

Clapping shows how much you appreciated Wictor Wilén’s story.